Breaking Analysis: Google's PoV on Confidential Computing
>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante.

>> Confidential computing is a technology that aims to enhance data privacy and security by providing encrypted computation on sensitive data, isolating data from apps in a fenced-off enclave during processing. The concept of confidential computing is gaining popularity, especially in the cloud computing space, where sensitive data is often stored and of course processed. However, there are some who view confidential computing as an unnecessary technology and a marketing ploy by cloud providers aimed at calming customers who are cloud phobic. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we revisit the notion of confidential computing, and to do so, we'll invite two Google experts to the show. But before we get there, let's summarize briefly. There's not a ton of ETR data on the topic of confidential computing, I mean, it's a technology that's deeply embedded into silicon and computing architectures. But at the highest level, security remains the number one priority being addressed by IT decision makers in the coming year as shown here. And this data is pretty much across the board by industry, by region, by size of company. I mean we dug into it and the only slight deviation from the mean is in financial services.
The second and third most cited priorities, cloud migration and analytics, are noticeably closer to cybersecurity in financial services than in other sectors, likely because financial services has always been hyper security conscious, but security is still a clear number one priority in that sector. The idea behind confidential computing is to better address threat models for data in execution. Protecting data at rest and data in transit have long been a focus of security approaches, but more recently, silicon manufacturers have introduced architectures that separate data and applications from the host system. ARM, Intel, AMD, Nvidia and other suppliers are all on board, as are the big cloud players. Now, the argument against confidential computing is that it narrowly focuses on memory encryption and it doesn't solve the biggest problems in security. Multiple system images, updates, different services and the entire code flow aren't directly addressed by memory encryption. Rather, to truly attack these problems, many believe that OSs need to be re-engineered with the attacker and hacker in mind. There are so many variables and at the end of the day, critics say the emphasis on confidential computing made by cloud providers is overstated and largely hype. This tweet from security researcher Rodrigo Branco sums up the sentiment of many skeptics. He says, "Confidential computing is mostly a marketing campaign for memory encryption. It's not driving the industry towards the hard open problems. It is selling an illusion." Okay. Nonetheless, encrypting data in use and fencing off key components of the system isn't a bad thing, especially if it comes with the package essentially for free. There has been a lack of standardization and interoperability between different confidential computing approaches. But the Confidential Computing Consortium was established in 2019 ostensibly to accelerate the market and influence standards.
Notably, AWS is not part of the consortium, likely because the politics of the consortium were probably a conundrum for AWS because the base technology defined by the consortium is seen as limiting by AWS. This is my guess, not AWS' words. But I think joining the consortium would validate a definition which AWS isn't aligned with. And two, it's got a lead with this Annapurna acquisition. It was way ahead with ARM integration, and so it probably doesn't feel the need to validate its competitors. Anyway, one of the premier members of the Confidential Computing Consortium is Google, along with many high profile names, including Arm, Intel, Meta, Red Hat, Microsoft, and others. And we're pleased to welcome two experts on confidential computing from Google to unpack the topic. Nelly Porter is Head of Product for GCP Confidential Computing and Encryption and Dr. Patricia Florissi is the Technical Director for the Office of the CTO at Google Cloud. Welcome Nelly and Patricia, great to have you.

>> Great to be here.

>> Thank you so much for having us.

>> You're very welcome. Nelly, why don't you start and then Patricia, you can weigh in. Just tell the audience a little bit about each of your roles at Google Cloud.

>> So I'll start, I'm owning a lot of interesting activities in Google and again, security or infrastructure securities that I usually own. And we are talking about encryption, end-to-end encryption, and confidential computing is a part of portfolio. Additional areas that I contribute to together with my team to Google and our customers is secure software supply chain because you need to trust your software. Is it operate in your confidential environment to have end-to-end security, about if you believe that your software and your environment doing what you expect, it's my role.

>> Got it. Okay, Patricia?

>> Well, I am a Technical Director in the Office of the CTO, OCTO for short in Google Cloud.
And we are a global team, we include former CTOs like myself and senior technologists from large corporations, institutions and a lot of successful startups as well. And we have two main goals. First, we walk side by side with some of our largest, more strategic or most strategical customers and we help them solve complex engineering technical problems. And second, we advise Google and Google Cloud Engineering, product management on emerging trends and technologies to guide the trajectory of our business. We are a unique group, I think, because we have created this collaborative culture with our customers. And within OCTO I spend a lot of time collaborating with customers in the industry at large on technologies that can address privacy, security, and sovereignty of data in general.

>> Excellent. Thank you for that both of you. Let's get into it. So Nelly, what is confidential computing from Google's perspective? How do you define it?

>> Confidential computing is a tool and one of the tools in our toolbox. And confidential computing is a way how we would help our customers to complete this very interesting end-to-end lifecycle of the data. And when customers bring in the data to cloud and want to protect it as they ingest it to the cloud, they protect it at rest when they store data in the cloud. But what was missing for many, many years is ability for us to continue protecting data and workloads of our customers when they run them. And again, because data is not brought to cloud to have huge graveyard, we need to ensure that this data is actually indexed. Again, there is some insights driven and drawn from this data. You have to process this data and confidential computing is here to help. Now we have end-to-end protection of our customer's data when they bring the workloads and data to cloud thanks to confidential computing.

>> Thank you for that.
Okay, we're going to get into the architecture a bit, but before we do Patricia, why do you think this topic of confidential computing is such an important technology? Can you explain? Do you think it's transformative for customers and if so, why?

>> Yeah, I would maybe like to use one thought, one way, one intuition behind why confidential computing matters because at the end of the day, it reduces more and more the customer's trust boundaries and the attack surface. That's about reducing that periphery, the boundary in which the customer needs to mind about trust and safety. And in a way it is a natural progression that you're using encryption to secure and protect data in the same way that we are encrypting data in transit and at rest. Now, we are also encrypting data while in use. And among other benefits, I would say one of the most transformative ones is that organizations will be able to collaborate with each other and retain the confidentiality of the data. And that is across industry, even though it's highly focused on, I wouldn't say highly focused but very beneficial for highly regulated industries, it applies to all of industries. And if you look at financing for example, where bankers are trying to detect fraud and specifically double finance where a customer is actually trying to get a finance on an asset, let's say a boat or a house, and then it goes to another bank and gets another finance on that asset. Now bankers would be able to collaborate and detect fraud while preserving confidentiality and privacy of the data.

>> Interesting and I want to understand that a little bit more but I got to push you a little bit on this, Nelly, if I can, because there's a narrative out there that says confidential computing is a marketing ploy, I talked about this up front, by cloud providers that are just trying to placate people that are scared of the cloud. And I'm presuming you don't agree with that, but I'd like you to weigh in here.
The argument is confidential computing is just memory encryption, it doesn't address many other problems. It is overhyped by cloud providers. What do you say to that line of thinking?

>> I absolutely disagree, as you can imagine Dave, with this statement. But most importantly, we are mixing multiple concepts I guess, and exactly as Patricia said, we need to look at the end-to-end story, not again, is a mechanism. How confidential computing trying to execute and protect customer's data and why it's so critically important. Because what confidential computing was able to do, it's in addition to isolate our tenants in multi-tenant environments the cloud offering to offer additional stronger isolation, they called it cryptographic isolation. It's why customers will have more trust to customers and to other customers, the tenants running on the same host but also us because they don't need to worry about against threats and more malicious attempts to penetrate the environment. So what confidential computing is helping us to offer our customers stronger isolation between tenants in this multi-tenant environment, but also incredibly important, stronger isolation of our customers to tenants from us. We are also writing code, we are also software providers, we also make mistakes or have some zero days. Sometimes again us introduce, sometimes introduced by our adversaries. But what I'm trying to say is, by creating this cryptographic layer of isolation between us and our tenants and among those tenants, we are really providing meaningful security to our customers and eliminate some of the worries that they have running on multi-tenant spaces or even collaborating together with very sensitive data knowing that this particular protection is available to them.

>> Okay, thank you. Appreciate that. And I think malicious code is often a threat model missed in these narratives. You know, operator access.
Yeah, maybe I trust my cloud's provider, but if I can fence off your access even better, I'll sleep better at night separating a code from the data. Everybody, ARM, Intel, AMD, Nvidia and others, they're all doing it. I wonder, Nelly, if we could stay with you and bring up the slide on the architecture. What's architecturally different with confidential computing versus how operating systems and VMs have worked traditionally? We're showing a slide here with some VMs, maybe you could take us through that.

>> Absolutely, and Dave, the whole idea for Google and now industry way of dealing with confidential computing is to ensure that three main properties are actually preserved. Customers don't need to change the code. They can operate in those VMs exactly as they would with normal non-confidential VMs. But to give them this opportunity of lift and shift though, no changing the apps and performing and having very, very, very low latency and scale as any cloud can, some things that Google actually pioneered in confidential computing. I think we need to open and explain how this magic was actually done, and as I said, it's again the whole entire system have to change to be able to provide this magic. And I would start with we have this concept of root of trust and root of trust where we will ensure that this machine within the whole entire host has integrity guarantee, means nobody changing my code on the most low level of system, and we introduced this in 2017, called Titan. So our specific ASIC, specific inch by inch system on every single motherboard that we have that ensures that your low-level firmware, your actually system code, your kernel, the most powerful system is actually properly configured and not changed, not tampered. We do it for everybody, confidential computing included, but for confidential computing is what we have to change, we bring in AMD or future silicon vendors and we have to trust their firmware, their way to deal with our confidential environments.
And that's why we have obligation to validate integrity of not only our software and our firmware but also firmware and software of our vendors, silicon vendors. So we actually, when we are booting this machine as you can see, we validate that integrity of all of this system is in place. It means nobody touching, nobody changing, nobody modifying it. But then we have this concept of AMD Secure Processor, it's special ASIC best specific things that generate a key for every single VM that our customers will run or every single node in Kubernetes or every single worker thread in our Hadoop Spark capability. We offer all of that and those keys are not available to us. It's the best case ever in encryption space because when we are talking about encryption, the first question that I'm receiving all the time, "Where's the key? Who will have access to the key?" because if you have access to the key then it doesn't matter if you encrypted or not. So, but the case in confidential computing why it's so revolutionary technology, us cloud providers who don't have access to the keys, they're sitting in the hardware and they're fed to memory controller. And it means when hypervisors that also know about this wonderful things saying I need to get access to the memories, that this particular VM I'm trying to get access to. They do not decrypt the data, they don't have access to the key because those keys are random, ephemeral and per VM, but most importantly in hardware not exportable. And it means now you will be able to have this very interesting world that customers or cloud providers will not be able to get access to your memory. And what we do, again as you can see, our customers don't need to change their applications. Their VMs are running exactly as it should run. And what you're running in VM, you actually see your memory clear, it's not encrypted. But God forbid is trying somebody to do it outside of my confidential box, no, no, no, no, no, you will not be able to do it.
Now, you'll see ciphertext and it's exactly what combination of these multiple hardware pieces and software pieces have to do. So OS is also modified and OS is modified such way to provide integrity. It means even OS that you're running in your VM box is not modifiable and you as customer can verify. But the most interesting thing I guess how to ensure the super performance of this environment because you can imagine Dave, that's increasing and it's additional performance, additional time, additional latency. So we're able to mitigate all of that by providing incredibly interesting capability in the OS itself. So our customers will get no changes needed, fantastic performance and scales as they would expect from cloud providers like Google.

>> Okay, thank you. Excellent, appreciate that explanation. So you know again, the narrative on this is, well, you've already given me guarantees as a cloud provider that you don't have access to my data, but this gives another level of assurance, key management as they say is key. Now humans aren't managing the keys, the machines are managing them. So Patricia, my question to you is in addition to, let's go pre-confidential computing days, what are the sort of new guarantees that these hardware based technologies are going to provide to customers?

>> So if I am a customer, I am saying I now have full guarantee of confidentiality and integrity of the data and of the code. So if you look at code and data confidentiality, the customer cares and they want to know whether their systems are protected from outside or unauthorized access, and that we covered with Nelly that it is. Confidential computing actually ensures that the applications and data internals remain secret. The code is actually looking at the data, only the memory is decrypting the data with a key that is ephemeral, and per VM, and generated on demand.
Then you have the second point where you have code and data integrity and now customers want to know whether their data was corrupted, tampered with or impacted by outside actors. And what confidential computing ensures is that application internals are not tampered with. So the application, the workload as we call it, that is processing the data also has not been tampered with and preserves integrity. I would also say that this is all verifiable, so you have attestation and this attestation actually generates a log trail and the log trail guarantees that provides a proof that it was preserved. And I think that it offers also a guarantee of what we call sealing, this idea that the secrets have been preserved and not tampered with, confidentiality and integrity of code and data.

>> Got it. Okay, thank you. Nelly, you mentioned, I think I heard you say that the application is transparent, you don't have to change the application, it just comes for free essentially. And we showed some various parts of the stack before, I'm curious as to what's affected, but really more importantly, what is specifically Google's value add? How do partners participate in this, the ecosystem or maybe said another way, how does Google ensure the compatibility of confidential computing with existing systems and applications?

>> And a fantastic question by the way, and it's very difficult and definitely complicated world because to be able to provide these guarantees, actually a lot of work was done by community. Google very much operates in the open. So again our operating system, we're working with operating system repository OS is OS vendors to ensure that all capabilities that we need is part of the kernels are part of the releases and it's available for customers to understand and even explore if they have fun to explore a lot of code.
We have also modified together with our silicon vendors kernel, host kernel to support this capability and it means working with community to ensure that all of those patches are there. We also worked with every single silicon vendor as you've seen, and it's what I probably feel that Google contributed quite a bit in this world. We moved our industry, our community, our vendors to understand the value of easy to use confidential computing or removing barriers. And now I don't know if you noticed Intel is following the lead and also announcing a trusted domain extension, very similar architecture and no surprise, it's a lot of work done with our partners to convince work with them and make this capability available. The same with ARM this year, actually last year, ARM announced future design for confidential computing, it's called confidential computing architecture. And it's also influenced very heavily with similar ideas by Google and industry overall. So it's a lot of work in confidential computing consortiums that we are doing, for example, simply to mention, to ensure interop as you mentioned, between different confidential environments of cloud providers. They want to ensure that they can attest to each other because when you're communicating with different environments, you need to trust them. And if it's running on different cloud providers, you need to ensure that you can trust your receiver when you're sharing your sensitive data workloads or secret with them. So we're coming as a community and we have this Attestation SIG, the community-based systems that we want to build, and influence, and work with ARM and every other cloud providers to ensure that they can interop. And it means it doesn't matter where confidential workloads will be hosted, but they can exchange the data in secure, verifiable and controlled by customers really.
And to do it, we need to continue what we are doing, working open and contribute with our ideas and ideas of our partners to this world to become what we see confidential computing has to become, it has to become utility. It doesn't need to be so special, but it's what we've wanted to become.

>> Let's talk about, thank you for that explanation. Let's talk about data sovereignty because when you think about data sharing, you think about data sharing across the ecosystem in different regions and then of course data sovereignty comes up, typically public policy lags the technology industry and sometimes it's problematic. I know there's a lot of discussions about exceptions but Patricia, we have a graphic on data sovereignty. I'm interested in how confidential computing ensures that data sovereignty and privacy edicts are adhered to, even if they're out of alignment maybe with the pace of technology. One of the frequent examples is when you delete data, can you actually prove the data is deleted with a hundred percent certainty, you got to prove that and a lot of other issues. So looking at this slide, maybe you could take us through your thinking on data sovereignty.

>> Perfect. So for us, data sovereignty is only one of the three pillars of digital sovereignty. And I don't want to give the impression that confidential computing addresses it at all, that's why we want to step back and say, hey, digital sovereignty includes data sovereignty where we are giving you full control and ownership of the location, encryption and access to your data. Operational sovereignty where the goal is to give our Google Cloud customers full visibility and control over the provider operations, right? So if there are any updates on hardware, software stack, any operations, there is full transparency, full visibility.
And then the third pillar is around software sovereignty, where the customer wants to ensure that they can run their workloads without dependency on the provider's software. So they have sometimes is often referred as survivability that you can actually survive if you are untethered to the cloud and that you can use open source. Now, let's take a deep dive on data sovereignty, which by the way is one of my favorite topics. And we typically focus on saying, hey, we need to care about data residency. We care where the data resides because where the data is at rest or in processing needs to typically abide to the jurisdiction, the regulations of the jurisdiction where the data resides. And others say, hey, let's focus on data protection, we want to ensure the confidentiality, and integrity, and availability of the data, which confidential computing is at the heart of that data protection. But there is yet another element that people typically don't talk about when talking about data sovereignty, which is the element of user control. And here Dave, is about what happens to the data when I give you access to my data, and this reminds me of security two decades ago, even a decade ago, where we started the security movement by putting firewall protections and logging accesses. But once you were in, you were able to do everything you wanted with the data. An insider had access to all the infrastructure, the data, and the code. And that's similar because with data sovereignty, we care about where it resides, who is operating on the data, but the moment that the data is being processed, I need to trust that the processing of the data will abide by user's control, by the policies that I put in place of how my data is going to be used.
And if you look at a lot of the regulation today and a lot of the initiatives around the International Data Space Association, IDSA and Gaia-X, there is a movement of saying the two parties, the provider of the data and the receiver of the data, are going to agree on a contract that describes what my data can be used for. The challenge is to ensure that once the data crosses boundaries, that the data will be used for the purposes that it was intended and specified in the contract. And if you actually bring together, and this is the exciting part, confidential computing together with policy enforcement. Now, the policy enforcement can guarantee that the data is only processed within the confines of a confidential computing environment, that the workload is cryptographically verified, that it is the workload that was meant to process the data and that the data will be only used when abiding to the confidentiality and integrity safety of the confidential computing environment. And that's why we believe confidential computing is one necessary and essential technology that will allow us to ensure data sovereignty, especially when it comes to user's control.

>> Thank you for that. I mean it was a deep dive, I mean brief, but really detailed. So I appreciate that, especially the verification of the enforcement. Last question, I met you two because as part of my year-end prediction post, you guys sent in some predictions and I wasn't able to get to them in the predictions post, so I'm thrilled that you were able to make the time to come on the program. How widespread do you think the adoption of confidential computing will be in '23 and what's the maturity curve look like this decade in your opinion? Maybe each of you could give us a brief answer.

>> So my prediction in five, seven years as I started, it will become utility, it will become TLS. As of freakin' 10 years ago, we couldn't believe that websites will have certificates and we will support encrypted traffic.
Now we do, and it's become ubiquity. It's exactly where our confidential computing is heading, I don't know we deserve yet. It'll take a few years of maturity for us, but we'll do that.

>> Thank you. And Patricia, what's your prediction?

>> I would double that and say, hey, in the very near future, you will not be able to afford not having it. I believe as digital sovereignty becomes ever more top of mind with sovereign states and also for multinational organizations, and for organizations that want to collaborate with each other, confidential computing will become the norm, it will become the default, if I say mode of operation. I like to compare that today is inconceivable if we talk to the young technologists, it's inconceivable to think that at some point in history and I happen to be alive, that we had data at rest that was non-encrypted, data in transit that was not encrypted. And I think that it will be inconceivable at some point in the near future to have unencrypted data while in use.

>> You know, and plus I think the beauty of this industry is because there's so much competition, this essentially comes for free. I want to thank you both for spending some time on Breaking Analysis, there's so much more we could cover. I hope you'll come back to share the progress that you're making in this area and we can double click on some of these topics. Really appreciate your time.

>> Anytime.

>> Thank you so much, yeah.

>> In summary, while confidential computing is being touted by the cloud players as a promising technology for enhancing data privacy and security, there are also those as we said, who remain skeptical. The truth probably lies somewhere in between and it will depend on the specific implementation and the use case as to how effective confidential computing will be.
Look, as with any new tech, it's important to carefully evaluate the potential benefits, the drawbacks, and make informed decisions based on the specific requirements in the situation and the constraints of each individual customer. But the bottom line is silicon manufacturers are working with cloud providers and other system companies to include confidential computing into their architectures. Competition in our view will moderate price hikes and at the end of the day, this is under-the-covers technology that essentially will come for free, so we'll take it. I want to thank our guests today, Nelly and Patricia from Google. And thanks to Alex Myerson who's on production and manages the podcast. Ken Schiffman as well out of our Boston studio. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters, and Rob Hof is our editor-in-chief over at siliconangle.com, does some great editing for us. Thank you all. Remember all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com where you can get all the news. If you want to get in touch, you can email me at david.vellante@siliconangle.com or DM me at @dvellante, and you can also comment on my LinkedIn post. Definitely you want to check out etr.ai for the best survey data in the enterprise tech business. I know we didn't hit on a lot today, but there's some amazing data and it's always being updated, so check that out. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (subtle music)
Day One Wrap | Red Hat Summit 2018
San Francisco, it's the Red Hat Summit 2018, brought to you by Red Hat.

Okay, welcome back everyone. This is theCUBE, live in San Francisco for Red Hat Summit 2018. I'm John Furrier, the co-host of theCUBE, and this week, for three days of wall-to-wall coverage, my co-host analyst is John Troyer, the co-founder of TechReckoning, an advisory and community development services firm. Industry legend, formerly VMware's Bentley, he was at theCUBE in 2010, our first ever CUBE, nine years ago. John, day one wrap-up. Let's analyze what we heard and dissect and put Red Hat into day one in the books. But, you know, clearly it's a red-letter day for Red Hat, so to speak. Your thoughts?

Big day for OpenShift, I think, and hybrid cloud, right? We just saw a lot of signs here, that we'll talk about, that it's real. There's real enterprises here, real deployments in the cloud, multi-cloud, on-site, hybrid cloud, and I think there's really no doubt about that. They really brought the team out.

And, you know, Red Hat's become a bellwether relative to the tech industry, because if you look at what they do, there's so many irons in the fire, but the most important is that they have a huge customer base in the enterprise, which they've earned over decades of work, being the open source renegade to the open source darling and tier one citizen. They've got a huge install base and they've got to manage this, so they can't just throw, you know, spaghetti at the wall. They've got to have big solutions. They're a very technical company, very humble, but they do make some good tech bets.

Absolutely. We'll be talking with the folks from CoreOS tomorrow. They have a couple of other action, you know, things we'll be talking about, a lot of interesting partnerships. The thing here: Linux is real, and it's the 20-year growth, and it's real in the enterprise. And I mean the top line, think the top line slowed, and John, is Kubernetes then the GNU/Linux for the cloud? And I've got to say, there's some reality there.

Yeah, there's no doubt about it. I mean, I've got my notes here. Just my summary for the day is, on that point, the new wave is here. Okay, the glue layer that Kubernetes and containers provide on top of, say, Linux, in this case OpenShift, a, you know, alternative PaaS layer just a few years ago, becomes the centerpiece of Red Hat's, you know, architecture, really providing some amazing benefits. So I think what's clear is that this new shift, this new wave, is massive, and we've heard on theCUBE multiple references to TCP/IP, HTTP. These are seminal moments where there's a massive inflection point, where the game just radically changes for the better. Wealth creation happens, startups boom, new brands emerge that we've never heard of, that just come out of the woodwork, entrepreneurial activity hits an all-time high, and all these things are coming.

Yeah, I said, John, I was really impressed. We talked to a number of folks who are involved with technologies that some people might call legacy, right? The Java programmers, the IBM WebSphere folks. You look at these technologies: solid, proven, tested, but yet still over here and adapted for today, right? And they talked about how they're fitting into OpenShift, how they're fitting into modern application development, and you're not leaving those people behind. They're really here.

And, you know, the old joke going back to, say, Microsoft when Steve Ballmer was the CEO: hell will freeze over when Linux isn't in Microsoft ecosystem. Look today no further than what's going on in their developer conference called Microsoft Build, where Linux is the centerpiece of their open-source strategy, and Microsoft has transformed themselves into a total open-source world. So, you know, now you've got Oracle giving up Java EE, calling it Jakarta, essentially bringing Java into the Eclipse community. Huge move. It's kind of a nuanced point, but that's another signal of the shifts going on out in the open, where communities aren't just yesterday's open source model. A new generation of open source actors are coming in, a new model. I think the CNCF is showing it. The Linux Foundation proves that you can have commercialization downstream with open source projects as that catalyst point, as a big deal, and I think that is happening at a new level, and it's super exciting to see.

Yeah, I mean, open source is the new normal. Sure, that works, it's in the enterprise, but that doesn't mean that open source disappears. It actually means that open source and communities and companies coming together to drive innovation actually gets more and more important. I kind of thought, well, you know, it's open source, well, everybody does open source, but actually the dynamics we're seeing of these both large companies partnering with small companies, foundations, like you talked about, the Linux cutlasses, various parts, the Linux Foundation, Cloud Foundry Foundation, etc., right, are really making a big impact.

Well, we had earlier on assistant general counsel David Levine, and bringing about open source, I think one key thing that's notable is, this next generation of open source wave comes, is the business model of open source and operationalizing it in not just server development lifecycle but in the business operation. So for example, spending resources on managing proprietary products that have open source components separate from the community is a resource that you don't have to spend anymore. If you just contribute everything to open source, that energy can go away. So I think open source projects and the product monetization component, not new concepts, is now highlighted as a bona fide competitive advantage across the company, not just proven but, like, operationally sound, legally verified, certified.

And I think also you have to look at the distribution of open source versus the operation and management of open source. We see a lot of managed Kubernetes coming out, and in fact, we didn't talk about today, Microsoft, big announcement here at the show: Microsoft on Azure is running a managed OpenShift, not Kubernetes, they already have Kubernetes. They're running a managed OpenShift, another way of adding value to an open source platforms to date, directly to the IT operator.

Honestly, do you think these kind of deals would happen if you go back four years, three years ago?

Oh, no way. Azure running OpenShift?

Absolutely, I mean, were you crazy? You know, the kingdom is turned upside down.

Absolutely. This is a notable point I want to get your reaction is, because I see this absolutely as validation to the new wave being here, with Kubernetes, containers as a de facto rallying point, an inflection point. Big deals are happening. IBM and Red Hat, big deal. We just talked about them with the players here. Two bellwethers saying we're getting behind containers and two bays in a big way. From that relationship, essentially, it changes the game literally overnight for IBM, changes the game for Red Hat. I think a little bit more for IBM than Red Hat, already gets a ton of benefit, but IBM instantly gets a cloud strategy that has a real scalable product market to it. Arvind, the head of research, laid that out, and IBM now can go and compete with major players on deals with the private cloud. More deals are coming.

Absolutely.

This is the beginning. Now that everyone snapped into place is saying, okay, Kubernetes and containers, we now understand this, the rallying cry, a de facto standard, I think a formation is going to happen in the next six to 12 months of major, major, major players.

Now, I mean, we are in a not, one size does not fit all world, John. So, I mean, we will continue to see healthy ecosystems. I mean, Mesosphere and DC/OS is still out there, Docker's still out there, right? You will see very functional communities and functioning application platforms and cloud platforms, but you've got to say the momentum is here.

I mean, look at, I mean, Docker, Mesosphere. Look at when things like this happen. This is my opinion, so I'm just going to say it out there. When you have de facto standards that happen like this, it's an opportunity to differentiate. So I think what's going to happen is Docker, Mesosphere and others, including the legacy guys like IBM and others, they have to differentiate their products. They have to compete, software companies. So I think Docker, I think is come tonight at DockerCon, but my opinion, looking at from the outside, is I think Docker's realized, look, we can't make money from containers, Kubernetes is happening, we're a great standard in that, let's be a software company, let's differentiate around Kubernetes. So this is just more pressure or more call-to-action to deliver good software.

Hey, somebody said it's never been a better time to be in IT and IT infrastructure, right? You think that the tools we have available to us, super powerful.

Another key point I want to get your reaction on: with Kubernetes and containers, this kind of de facto standardization is breathing new life into good initiatives and legacy projects. So you think about OpenStack, okay, OpenStack gets a nice segmented approach, is now clear where the swim lanes are. You're an app developer, you go over here, and if you are a network and infrastructure guy, you're going here. But middleware, talk to the Red Hat guys here, we talk to IBM, those legacy and apps can put a container around it and don't have to be thrown away, and take their natural course. Now I think it's gonna be a three line through this holy a second life is for legacy and stuff, and then to cloud is and it's in second inning, because now you have the enablement for cloud. Your reaction, the enablement of cloud? IBM has cloud, and then the market shares of nm who you believe, they're not in that they're in the top three, but they're not double digits according to Synergy Research, and he bought us a little bit higher, but still, if you compare public cloud, they're small. They look at IBM's entire install base and saying, if they have a specialty cloud that can be assembled quickly, yeah, and scaled, and maybe instantly successfully overnight.

Yeah, I think a few years ago, you know, there was a lot different. A few years back, it always looks confusing, right? A few years back, we were still arguing public cloud, private cloud, what is a true private cloud, is that even valuable? I still see people on Twitter making fun of everything, anybody who's not 100% into the full public cloud, which means they must not have talked to, you know, a lot of IT folks who have a business to run today. So I think you're saying it's a multivalent world, multi-cloud. There's going to be differentiated clouds, there's going to be operational clouds, there's going to be financial clouds, and it seems clear that, you know, from the perspective of right now, here in San Francisco in 2018, that, you know, the purpose of public, private, hybrid seems pretty clear. Just like the purpose of, like I said, in two weeks we'll be at OpenStack Summit. I mean, the purpose of that seems pretty clear.

It's funny, it's like I had this argument and each Assateague he thinks everything should go the public cloud goes eaten has one of the public clouds, but he's kind of right. And we talked about this with him. I said, if everything is running cloud operation, we're talking about cloud ops, we're talking about how it's managed, how it's deployed, code bases across the board. If everything is clarified from an operation standpoint, the Dearing on-prem and cloud and IoT edge, there's no difference. Stuff's moving around, so you almost treat a data center as an edge network. So now it's actually all cloud in my mind.

And also you do have to keep in mind time horizons, right? Anybody who has to do work today, this quarter, right, has to keep in mind what portfolio of business needs and tools do I have right now versus what it's going to look like in a few years.

All right, so I want to get your thoughts on your walk away from today. I'll start. My walk away from day one was talking to some of the practitioners, Macquarie Bank and Amadeus. To me, they're a tell sign, the canary in the coal mine, what's happening. Horizontally scalable synchronous infrastructure, the new model is here now. We're seeing them saying things like, it's a streaming world, not just Kafka for streaming data, streaming services, levels of granularity that are orchestrated with containers and Kubernetes up and down the stack. To me, architects who think that way will have a preferred advantage over everybody else. That to me was like, okay, we're seeing it play out.

I guess I totally agree, right? The future isn't evenly distributed. My takeaway, though, is there's certainly a future here, and the people we talked to today are doing real-world, enterprise-scale, multi-cloud, microservices and modern architectures, incorporating their legacy applications and components, and they're just doing it, and they're not even breaking a sweat. So I think IT has really changed.

Okay, day one coverage continues. Day two tomorrow. We have three days of wall-to-wall coverage, day two and then finally day three Thursday, here in San Francisco. This is theCUBE's live coverage. Go to thecube.net to check out all the videos. They're going to be going up as soon as they are done live here. And check out all theCUBE alumni, and check out siliconangle.com for all news coverage. Then of course you've got TechReckoning, John's company, he's the co-founder of. For John Furrier and John Troyer, that's day one in the books. Thanks for watching. See you tomorrow.